Tilted Forum Project Discussion Community - View Single Post

Dilbert1234567 · 08-17-2006, 08:20 AM

Well in the past few months, MS fixed the problem, so i will just openly share the exploit. when windows used to runs a screen saver, it is ran under system privileges, with a boot disk, make a copy of cmd.exe and rename this copy cmd.scr, boot the system, and change the screensaver to this new file. change the timeout to 1 minute, and wait, after a minute, if your system is not fully patched, the command prompt that pops up will be running as system instead of the current user, then you can use the 'net user' command to add a new account with admin rights, log in with that user and you have a new admin account. This method works much better with win2k, where 'everyone' has full access to all directories by default, instead of just read as is the case under winxp.

08-17-2006, 08:20 AM	#12 (permalink)
Dilbert1234567 Devils Cabana Boy Location: Central Coast CA	Well in the past few months, MS fixed the problem, so i will just openly share the exploit. when windows used to runs a screen saver, it is ran under system privileges, with a boot disk, make a copy of cmd.exe and rename this copy cmd.scr, boot the system, and change the screensaver to this new file. change the timeout to 1 minute, and wait, after a minute, if your system is not fully patched, the command prompt that pops up will be running as system instead of the current user, then you can use the 'net user' command to add a new account with admin rights, log in with that user and you have a new admin account. This method works much better with win2k, where 'everyone' has full access to all directories by default, instead of just read as is the case under winxp. __________________ Donate Blood! "Love is not finding the perfect person, but learning to see an imperfect person perfectly." -Sam Keen